Category: Cryptography

I have previously discussed other ways to decrypt HTTPS traffic, such as sslstrip and key logging, but let's discuss another way. When you link to a Web site, you're hopefully using HTTPS and not HTTP. Our Web traffic used to be encrypted using Netscape's "Secure Sockets Layer version 3 (SSLv3)"; however, due to some inherent... Continue Reading →

How do we authenticate when we log in to another device or an application? It's much more than just entering a username and password, right? Well, there are actually many ways to authenticate! I'll discuss some of the main ones we use and what goes on behind the scenes. Point-to-Point Protocols (PPP) If you're familiar with... Continue Reading →

Kerberos is a Single Sign-On (SSO) authentication protocol developed by the Massachusetts Institute of Technology in the 1980s. It is also a written standard in RFC 4120. As an SSO technology, users don't have to worry about entering different login credentials every time they access a resource. If we didn't have SSO technology, it wouldn't... Continue Reading →

Hypertext Transfer Protocol over SSL (https) is pretty decent security. This is because https uses the Secure Sockets Layer (SSL) encryption scheme to pass keys between two parties over the Internet. These days, however, most of our Web servers are utilizing Transport Layer Security (TLS), which is an updated version of SSL. Therefore, we refer... Continue Reading →

We all know http isn't secure. This is because http transfers our requests and responses for Web pages in plaintext over the Internet. This makes http sessions vulnerable to man-in-the-middle attacks where hackers can steal your sensitive information. To solve this vulnerability, we created https. This stands for Hypertext Transfer Protocol over SSL encryption (though... Continue Reading →